Jaxx Liberty is a product designed for privacy and security. But what does “security” mean? How does a user-controlled wallet help you to stay safe and what can you do to ensure that your digital assets remain in your control? This article addresses those three questions, explaining:
- Some of the nuance to “security”
- The context in which user-controlled wallets sit
- What you can do from a technical and non-technical perspective to keep your assets secure
Security In Context
Unfortunately, the Internet is an insecure environment for data. Even the world’s most well-resourced agencies, like the United States NSA, have experienced thefts, including thefts of “cyberweapons” that are then used in other attacks. Industrial facility systems, power infrastructure, drone weapons, email accounts, and health data – all have been taken, and the thieves usually make off with the data without leaving behind a trace. For most people, this is an inconvenience, or perhaps may lead to identity theft. But now that money is becoming digital and more people are keeping their wealth in the form of cryptocurrencies, there is a risk that someone’s personal information, identity, secrets, and money can all be taken.
The insecure nature of the Internet, and the many companies and governments that interface with it, is a fundamental problem for users of cryptocurrency. How can someone’s assets be secure in a world where even militaries and spy agencies have their data stolen? This is a challenge, and one that can only be addressed by increasing protections for privacy, use of strong encryption, and public awareness of the dangers.
The situation is daunting but not hopeless, and this article will help explain what the risks are and how you can take steps to reduce the risk that you too will become a victim. Because the nature of this threat is so varied, even a company with the “most secure” product will have users who become victims. For example, scammers trick many people into sending money transfers from their bank account to accounts abroad, without bank robbery involved.
International Crime
The Internet is fertile ground for scams and crime. Open up most spam folders and you’ll see illegal offerings, schemes, and phishing emails. Thieves and scammers are out there. And cryptocurrency is often prized by thieves and scammers because it is digitally native and valuable.
Unfortunately, the criminal groups responsible for thefts of cryptocurrency are often located in jurisdictions far from Canada (where we’re based) and the home countries of Jaxx Liberty users. This makes it difficult for police and other agencies to pursue the thieves, and it’s often the case that once stolen, the information (cryptocurrency) cannot be recovered.
An email that’s been sent is very difficult to retrieve, and it’s tough to know if a copy has been made. Unlike emails, cryptocurrencies cannot be copied, but they can be very difficult to recover given the international nature of the criminals involved. Unfortunately, this means that users must be even more vigilant online than they would be in person (since in many countries, unprofitable street crime has been replaced by sophisticated digital crime).
The Security Properties of User-Controlled Wallets
User-controlled wallets, like Jaxx Liberty or the many other compatible wallets, offer a type of security that is important given the insecure nature of the Internet. User-controlled wallets offer the ability to stay safe from attacks on websites. There is no website to hack because digital assets in a Jaxx Liberty wallet aren’t on a website or accessible from a website. They’re only accessible from the users’ software program. This helps to prevent certain kinds of attacks, but places more emphasis on the user’s security practices.
If a criminal hacked the Jaxx Liberty website, users’ wallets wouldn’t be affected because they’re not connected to it. Although we rely on backend infrastructure that we’ve developed to provide information about blockchain addresses, broadcast transactions, etc., those services don’t have any access to the private keys or backup phrases of the users. Since Decentral Inc., the makers of the Jaxx Liberty wallet, don’t have the private keys, a compromise of something involving our company wouldn’t jeopardize users, in the same way that a hack of the Microsoft corporate website wouldn’t affect the documents that users have created on their computers using Microsoft Word.
By avoiding “the cloud,” the user-controlled wallet model keeps users safe from certain kinds of attacks. But this, like all security measures, comes at a cost: if a user loses their wallet and backup phrase, there’s no one who can “restore” the data because Decentral Inc. never had the data in the first place. This makes it even more important to secure the devices on which Jaxx Liberty runs, as well as the backup phrase for the wallet. Because technical security of a product is one thing, but security of what a user writes down or backs up is a different matter, and both can lead to losses.
Staying Safe: What We Do
There are many ways that wallet users are under attack every day. One of them is the creation of scam applications that masquerade as the real ones, and in some cases the criminals are able to get these counterfeit applications listed on app stores to deceive users. Decentral Inc. has staff and lawyers on retainer in Canada and the United States who help to ensure that scam applications are quickly taken down. We also rely on users to reach out to us when they spot a fake so that we can file the appropriate paperwork with the company or the host that is permitting the fake app. This is an ongoing battle.
We also take down websites that advertise phone support for Jaxx Liberty users. We don’t offer phone support, but many people Google “Jaxx Liberty” looking for help and then end up speaking with a scammer who asks them for their backup phrase or asks them to send cryptocurrency. Real customer support people from Jaxx Liberty will never ask a user for their backup phrase, but we can’t stop scammers from asking. We can only work on getting their accounts and websites taken down as we spot them.
We designed the Jaxx Liberty application to remind users to back up their backup phrase. We’ve even called it a “backup phrase” to emphasize what to do with it, instead of calling it a “root seed,” “mnemonic,” or one of several other synonyms used in the cryptocurrency space. Although some users may find the messages a bit overbearing, we know that users losing access to their cryptocurrency is a common problem in the industry and we try to do our best to make users aware that digital asset wallets do not work the same way as centralized systems.
Downloadable software empowers users, but also requires them to take the time to understand what it means to be independent of a company. Most websites offer a “forgot password” system that can give access back, but user-controlled wallets can’t do that because no central party stores the passwords. This is more secure in one sense, but can lead to losses if users do not back up their wallets.
Our legal and design efforts can only go so far. We also recommend that users take their own steps to stay safe, and below is a summary of 13 of the most effective ways that users can stay safe.
Staying Safe: How We Design Our Product
The most secure data is the data that users don’t let anyone else have. This is the concept that creates security on desktop computers, because the makers of the computers and software don’t have access to users’ files.
Similarly, we designed Jaxx Liberty to ensure that as much of your data stays within your control. Because no matter how trustworthy a company is, there’s no better form of security than not having to trust them. Jaxx Liberty is like that. It’s keeps users safe by collecting minimal personal information and metadata.
We built a product, Jaxx Liberty, that people can use without giving us their email address or a phone number. This in itself is a big step forward for customer security because it reduces the data at risk, and it demonstrates to the user that there is no login system – users do not depend on our servers for access to their digital assets.
Your backup phrase can be used with many other compatible wallets, so even if one day our servers are down or the Jaxx Liberty software isn’t offered, you’ll still have access. Most companies try to design their products to be incompatible with competitors, but we view customer security holistically. What’s important to Decentral is that you, the user, always remain in control.
We provide a convenient and popular software program for you to use, and we do so without taking your personal information and without taking away your private control of your digital assets. We take seriously the idea of “privacy by design,” a principle developed by the Information and Privacy Commissioner of Ontario, Canada. But no matter how well-designed our model is, there are additional steps that only users can take to ensure their security.
Staying Safe: 4 Technical Measures You Can Take
How to stay safe using technical measures with Jaxx Liberty:
- Do not save a backup phrase or any private keys to cloud storage that might be hacked or accessed by third parties. If you must store these items in the cloud, consider using encryption to secure the backup.
- Use a “clean” phone or laptop to avoid malware or malicious software that can remotely access a device (“remote access tools”).
- Avoid public computers, like at libraries or at work.
- Set a password on your operating system. In-app passwords are helpful, but the best encryption is only available at the hardware/operating system level. There’s no substitute for a strong password on your device (outside of Jaxx Liberty).
Staying Safe: 9 Practical Measures You Can Take
Security is partly a technical subject and partly a matter of user behavior. Here are a few non-technical actions that can help ensure that digital assets stay safe:
- Write down your backup phrase and keep it in a safe place.
- Add a password to Jaxx Liberty that will be required for any transaction.
- Add a password or PIN to your device in case you lose it or someone else gains access to it.
- Do not lend your phone or device on which you’ve installed Jaxx Liberty.
- Do not type in your backup phrase within line of sight of security cameras. As cameras become higher resolution, thieves may use them to steal from unsuspecting users.
- Never respond to strangers asking for digital assets, even if it is for an “investment” or a “giveaway.” Digital assets are valuable and very few people are willing to give them away, so be highly suspicious of any offers to give digital assets. They are often a scam designed to cause users to send digital assets rather than receive them!
- Be cautious about sending digital assets to people on dating websites as they may be criminals posing as romantic interests. This is an increasingly common type of scam that combines stealing cryptocurrency with breaking hearts.
- Only spend digital assets with parties you trust. Digital asset transfers are more like cash than credit cards in that they are impossible to reverse at the protocol level.
- Only keep small amounts of digital assets in wallets like Jaxx Liberty. They are meant for practical everyday use, not as a means of storing life-changing amounts. There are more complicated methods available for storing digital assets that may be more suited for business use or for people who hold significant amounts.